This site may earn affiliate commissions from the links on this page. Terms of use.

It’s common to have firewalls and other security measures protecting your PC’s network connections, but what about the wireless signal that your mouse uses? An analysis by researchers at Bastille Networks indicates that your wireless mouse might provide an attacker with a route to get malware onto your machine, provided they’re within about 100 meters. They’ve dubbed this vulnerability “Mousejack.”

The researchers tested many mice from manufacturers like Logitech, Dell, and Lenovo that operate over 2.4GHz wireless communications. This is separate from Bluetooth mice, with which the team found no security issues. Additionally, wireless keyboards were not subject to Mousejack (as you can probably guess from the name). Manufacturers encrypted wireless keyboard connections due to the risk of keystrokes being intercepted. Mice, however, are not encrypted.

The problem is caused by the way the USB dongle communicates with the mouse. Because the connection with the mouse isn’t encrypted, the dongle will accept any seemingly valid command. An attacker can therefore send packets that generate keystrokes instead of clicks. This would basically allow the attacker to direct the computer to a malicious website or server in mere seconds. Bastille Networks was able to generate 1000 words per minute over the wireless connection and install a rootkit in about 10 seconds. Unless you’re expecting the attack, it’s unlikely you’d be able to do anything to stop it.

Some manufacturers like Logitech have already rolled out patches to their connection software that block Mousejack. However, there are a large number of cheaper mice that do not have updatable firmware. These devices will remain vulnerable, which could be an issue in business environments where peripherals are often used for many years before being replaced. If you have a wireless setup, it might be time to check for updates.